Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

View an IoC

Log in to subscribe to topics and get notified when content changes.

View an IoC

IoCs, sometimes referred to as indicators, are most typically retrieved from a threat data source as STIX data. If needed, you can also create IoCs.

Before you begin

Role required: sn_ti.write


  1. After the scheduled job has retrieved IoC data from the defined data source, navigate to Threat Intelligence > IoC Repository > Indicators.
    The retrieved IoCs are listed.
  2. Click the IoC you want to view.
  3. The following information displays.
    Field Description
    Select classification tag If you set up and activated security tags to add metadata to the record, you can select one or more tags to specify the degree of sensitivity of the IoC.

    If you did not set up or activate security tags, this drop-down list is not displayed.

    Title A descriptive name for this indicator.
    First Seen The first date this indicator was observed in the system.
    Last Seen The most recent date this indicator was observed in the system.
    Encountered count The number to times the indicator has been encountered.
    Sourced count The number to times the indicator was imported from defined threat sources.
    Notes Any additional notes about the indicator. This field can also contain JSON key/value pairs.
  4. You can click any of the following related lists to view additional information.
    Related List Description
    Related Observables Lists observables that are linked to the current indicator.
    Related Attack mode/method Lists related attack modes/methods that have been identified as related to this indicator.
    Associated Type Lists other indicator types that are associated with this IoC.
    Indicator Sources Lists the sources of this indicator, along with the confidence level of the source.
    Associated Tasks Lists all tasks, changes, and incidents associated with the IoC.
    Indicator Metadata If the Notes field contains valid JSON key/value pairs, they are parsed and displayed. If no JSON key/value pairs are present, or if the JSON is invalid, this related list is not displayed.
    Security Annotations